Skip to content

[StepSecurity] Apply security best practices (#255) #477

[StepSecurity] Apply security best practices (#255)

[StepSecurity] Apply security best practices (#255) #477

Workflow file for this run

name: CI
on: [push, pull_request]
env:
CI: true
permissions:
contents: read
jobs:
build:
name: Build libllhttp.a
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- macos-latest
- ubuntu-latest
- windows-latest
steps:
- name: Install clang for Windows
if: runner.os == 'Windows'
run: |
iwr -useb get.scoop.sh -outfile 'install.ps1'
.\install.ps1 -RunAsAdmin
scoop install llvm --global
# Scoop modifies the PATH so we make the modified PATH global.
echo $env:PATH >> $env:GITHUB_PATH
- name: Fetch code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 1
# Skip macOS & Windows, cache there is slower
- name: Restore node_modules cache for Linux
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
if: runner.os == 'Linux'
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm install --ignore-scripts
- name: Build libllhttp.a
shell: bash
run: |
make build/libllhttp.a
test:
name: Run tests
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- macos-latest
- ubuntu-latest
- windows-latest
steps:
- name: Install clang for Windows
if: runner.os == 'Windows'
run: |
iwr -useb get.scoop.sh -outfile 'install.ps1'
.\install.ps1 -RunAsAdmin
scoop install llvm --global
# Scoop modifies the PATH so we make the modified PATH global.
echo $env:PATH >> $env:GITHUB_PATH
- name: Fetch code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 1
# Skip macOS & Windows, cache there is slower
- name: Restore node_modules cache for Linux
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
if: runner.os == 'Linux'
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm install --ignore-scripts
# Custom script, because progress looks not good in CI
- name: Run tests
env:
CFLAGS: -O0
run: npx mocha --timeout 30000 -r ts-node/register/type-check test/*-test.ts
lint:
name: Run TSLint
runs-on: ubuntu-latest
steps:
- name: Fetch code
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
fetch-depth: 1
- name: Restore node_modules cache
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Install dependencies
run: npm install --ignore-scripts
- name: Run lint command
run: npm run lint